JAVA-14881 Update spring-security-oauth2 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12898)

spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/jersey/SecurityConfig.java

@@ -1,21 +1,23 @@
 package com.baeldung.jersey;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
-    @Override
+
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
-        http
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-          .authorizeRequests()
+        http.authorizeRequests()
-          .antMatchers("/login")
+            .antMatchers("/login")
-          .permitAll()
+            .permitAll()
-          .anyRequest()
+            .anyRequest()
-          .authenticated()
+            .authenticated()
-          .and()
+            .and()
-          .oauth2Login()
+            .oauth2Login()
-          .loginPage("/login");
+            .loginPage("/login");
+        return http.build();
     }
 }

spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java

@@ -10,7 +10,6 @@ import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
 import org.springframework.http.converter.FormHttpMessageConverter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
 import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
@@ -23,6 +22,7 @@ import org.springframework.security.oauth2.client.web.AuthorizationRequestReposi
 import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.client.RestTemplate;
 
 import com.baeldung.oauth2request.CustomAuthorizationRequestResolver;
@@ -31,10 +31,10 @@ import com.baeldung.oauth2request.CustomTokenResponseConverter;
 
 //@Configuration
 @PropertySource("application-oauth2.properties")
-public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter {
+public class CustomRequestSecurityConfig {
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.authorizeRequests()
             .antMatchers("/oauth_login", "/loginFailure", "/")
             .permitAll()
@@ -44,8 +44,7 @@ public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter {
             .oauth2Login()
             .loginPage("/oauth_login")
             .authorizationEndpoint()
-                        .authorizationRequestResolver( new CustomAuthorizationRequestResolver(clientRegistrationRepository(),"/oauth2/authorize-client"))
+            .authorizationRequestResolver(new CustomAuthorizationRequestResolver(clientRegistrationRepository(), "/oauth2/authorize-client"))
-
             .baseUri("/oauth2/authorize-client")
             .authorizationRequestRepository(authorizationRequestRepository())
             .and()
@@ -54,6 +53,7 @@ public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter {
             .and()
             .defaultSuccessUrl("/loginSuccess")
             .failureUrl("/loginFailure");
+        return http.build();
     }
 
     @Bean

spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/SecurityConfig.java

@@ -10,7 +10,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
 import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
@@ -23,13 +22,14 @@ import org.springframework.security.oauth2.client.registration.InMemoryClientReg
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @PropertySource("application-oauth2.properties")
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.authorizeRequests()
             .antMatchers("/oauth_login", "/loginFailure", "/")
             .permitAll()
@@ -47,6 +47,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
             .and()
             .defaultSuccessUrl("/loginSuccess")
             .failureUrl("/loginFailure");
+        return http.build();
     }
 
     @Bean

spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java

@@ -4,29 +4,30 @@ import com.baeldung.oauth2extractors.extractor.custom.BaeldungAuthoritiesExtract
 import com.baeldung.oauth2extractors.extractor.custom.BaeldungPrincipalExtractor;
 import com.baeldung.oauth2extractors.extractor.github.GithubAuthoritiesExtractor;
 import com.baeldung.oauth2extractors.extractor.github.GithubPrincipalExtractor;
-import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-@EnableOAuth2Sso
+public class SecurityConfig {
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.antMatcher("/**")
-                .authorizeRequests()
+            .authorizeRequests()
-                .antMatchers("/login**")
+            .antMatchers("/login**")
-                .permitAll()
+            .permitAll()
-                .anyRequest()
+            .anyRequest()
-                .authenticated()
+            .authenticated()
-                .and()
+            .and()
-                .formLogin().disable();
+            .formLogin()
+            .disable()
+            .oauth2Login();
+        return http.build();
     }
 
     @Bean

spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java

@@ -15,25 +15,34 @@ import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticat
 import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
 import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
 import javax.servlet.Filter;
 
 @Configuration
 @EnableOAuth2Client
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
     OAuth2ClientContext oauth2ClientContext;
 
     public SecurityConfig(OAuth2ClientContext oauth2ClientContext) {
         this.oauth2ClientContext = oauth2ClientContext;
     }
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests().antMatchers("/", "/login**", "/error**")
+        http.authorizeRequests()
-          .permitAll().anyRequest().authenticated()
+            .antMatchers("/", "/login**", "/error**")
-          .and().logout().logoutUrl("/logout").logoutSuccessUrl("/")
+            .permitAll()
-          .and().addFilterBefore(oauth2ClientFilter(), BasicAuthenticationFilter.class);
+            .anyRequest()
+            .authenticated()
+            .and()
+            .logout()
+            .logoutUrl("/logout")
+            .logoutSuccessUrl("/")
+            .and()
+            .addFilterBefore(oauth2ClientFilter(), BasicAuthenticationFilter.class);
+        return http.build();
     }
 
     @Bean

spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-baeldung.properties

@@ -1,6 +1,10 @@
 server.port=8082
-security.oauth2.client.client-id=SampleClientId
+
-security.oauth2.client.client-secret=secret
+spring.security.oauth2.client.registration.baeldung.client-id=SampleClientId
-security.oauth2.client.access-token-uri=http://localhost:8081/auth/oauth/token
+spring.security.oauth2.client.registration.baeldung.client-secret=secret
-security.oauth2.client.user-authorization-uri=http://localhost:8081/auth/oauth/authorize
+spring.security.oauth2.client.registration.baeldung.authorization-grant-type=authorization_code
-security.oauth2.resource.user-info-uri=http://localhost:8081/auth/user/me
+spring.security.oauth2.client.registration.baeldung.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
+
+spring.security.oauth2.client.provider.baeldung.token-uri=http://localhost:8081/auth/oauth/token
+spring.security.oauth2.client.provider.baeldung.authorization-uri=http://localhost:8081/auth/oauth/authorize
+spring.security.oauth2.client.provider.baeldung.user-info-uri=http://localhost:8081/auth/user/me

spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-github.properties

@@ -1,7 +1,9 @@
 server.port=8082
-security.oauth2.client.client-id=89a7c4facbb3434d599d
+
-security.oauth2.client.client-secret=9b3b08e4a340bd20e866787e4645b54f73d74b6a
+spring.security.oauth2.client.registration.github.client-id=368238083842-3d4gc7p54rs6bponn0qhn4nmf6apf24a.apps.googleusercontent.com
-security.oauth2.client.access-token-uri=https://github.com/login/oauth/access_token
+spring.security.oauth2.client.registration.github.client-secret=2RM2QkEaf3A8-iCNqSfdG8wP
-security.oauth2.client.user-authorization-uri=https://github.com/login/oauth/authorize
+spring.security.oauth2.client.registration.github.scope=read:user,user:email
-security.oauth2.client.scope=read:user,user:email
+
-security.oauth2.resource.user-info-uri=https://api.github.com/user
+spring.security.oauth2.client.provider.github.token-uri=https://github.com/login/oauth/access_token
+spring.security.oauth2.client.provider.github.authorization-uri=https://github.com/login/oauth/authorize
+spring.security.oauth2.client.provider.github.user-info-uri=https://api.github.com/user